Intel MKTME Support Being Prepped For The Linux Kernel: Total Memory Encryption

Written by Michael Larabel in Intel on 5 March 2018 at 11:42 AM EST. 10 Comments
INTEL
Intel developers are working on bringing transparent memory encryption support to the Linux kernel that works in conjunction with upcoming Intel platforms.

AMD's current EPYC and Ryzen Pro processors feature Secure Memory Encryption (SME) while upcoming Intel CPUs are working on a roughly similar feature with Total Memory Encryption (TME) along with MKTME, or Multikey Total Memory Encryption.
MKTME is built on top of TME. TME allows encryption of the entirety of system memory using a single key. MKTME allows to have multiple encryption domains, each having own key -- different memory pages can be encrypted with different keys.

Key design points of Intel MKTME:

- Initial HW implementation would support upto 63 keys (plus one default TME key). But the number of keys may be as low as 3, depending to SKU and BIOS settings.

Kirill Shutemov of Intel Finland today sent out the initial kernel patches for this TME/MKTME kernel support code. In its present form is just over 500 lines of code to take advantage of this hardware-based transparent memory encryption for future Intel CPUs.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week